IP Address: 81.222.221.226 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Successful SSH Login Port 22 Scan Download and Execute SFTP Download File 1 Shell Commands Service Creation Listening Download and Allow Execution SSH Port 1919 Scan
Associated Attack Servers | bsconect.com.br, cabotelecom.com.br, 15.228.148.72, 61.63.121.34, 62.210.130.171, 119.45.1.175, 128.8.238.76, 138.185.197.214, 150.136.67.66, 159.65.57.205, 173.212.208.146, 187.111.253.62, 212.58.82.70

IP Address | 81.222.221.226
Domain | -
ISP | VimpelCom
Country | Russian Federation
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-15
Last seen in Akamai Guardicore Segmentation | 2022-05-22
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
./.5164417932391334045/xinetd was downloaded | Download File
The file /root/.5164417932391334045/xinetd was downloaded and executed 64 times | Download and Execute
Process /bin/bash generated outgoing network traffic to: 103.125.105.25:1919, 103.145.22.81:1919, 103.156.242.163:1919, 103.74.253.57:1919, 107.172.21.124:1919, 112.126.148.29:22, 114.172.166.11:22, 114.71.118.201:22, 116.213.107.8:22, 119.45.1.175:1919, 12.4.112.15:22, 128.199.248.246:1919, 133.222.7.170:22, 135.63.128.248:22, 135.81.54.123:22, 135.85.21.72:22, 136.204.251.221:22, 138.185.197.214:1919, 143.140.0.177:22, 148.115.129.172:22, 149.244.252.66:22, 150.207.140.144:22, 151.101.130.203:22, 151.215.6.126:22, 151.253.124.220:1919, 152.70.107.103:1919, 155.73.147.222:22, 157.88.38.112:1919, 159.157.197.132:22, 159.65.57.205:1919, 160.241.116.217:22, 160.26.152.69:22, 161.97.130.74:1919, 161.97.156.242:1919, 162.214.122.214:1919, 163.74.184.41:22, 164.125.138.249:22, 168.193.2.98:22, 168.193.216.124:22, 168.31.168.147:22, 17.231.90.4:22, 170.250.113.17:22, 171.117.168.177:22, 171.191.134.198:22, 171.194.218.20:22, 173.210.134.74:22, 174.138.30.216:1919, 174.33.237.12:22, 175.149.199.103:22, 178.150.145.6:22, 178.9.10.193:22, 183.35.97.39:22, 185.209.228.119:1919, 186.219.116.54:22, 194.32.76.58:1919, 195.56.242.163:22, 198.148.126.11:1919, 2.172.215.216:22, 200.145.158.62:1919, 204.66.115.198:22, 205.193.27.250:22, 210.102.9.34:22, 210.130.200.79:22, 210.70.154.228:22, 211.209.204.40:22, 213.136.77.123:1919, 214.211.59.166:22, 215.80.113.99:22, 217.229.92.193:22, 28.181.128.79:22, 28.214.54.81:22, 29.17.248.165:22, 3.239.203.91:1919, 3.35.53.98:1919, 33.185.12.6:22, 42.196.93.230:22, 43.156.80.70:1919, 45.239.216.250:1919, 47.149.109.90:22, 5.182.210.195:1919, 51.210.179.222:1919, 52.9.250.229:1919, 54.168.84.195:22, 57.7.22.16:22, 58.185.39.162:22, 62.18.167.202:22, 62.210.130.171:1919, 63.83.192.230:22, 65.17.244.207:22, 65.227.58.246:22, 66.134.65.251:22, 7.247.169.224:22, 72.114.100.144:22, 75.250.112.205:22, 77.232.24.87:1919, 78.36.76.4:1919, 81.222.221.226:1919, 87.50.82.149:22, 89.243.125.120:22 and 93.167.77.246:22 |
|
Process /bin/bash scanned port 1919 on 32 IP Addresses | Port 22 Scan, Port 1919 Scan
Process /bin/bash scanned port 22 on 32 IP Addresses | Port 22 Scan, Port 1919 Scan
Process /bin/bash scanned port 1919 on 68 IP Addresses | Port 22 Scan, Port 1919 Scan
Process /bin/bash scanned port 22 on 68 IP Addresses | Port 22 Scan, Port 1919 Scan
Process /bin/bash started listening on ports: 1919 | Listening
Service systemd-worker was created | Service Creation
Connection was closed due to timeout
|
/root/.2032687141960750504/xinetd |
SHA256: b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 |
30171136 bytes |